Filtered by vendor Amd
Subscriptions
Total
319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26340 | 1 Amd | 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7232p and 207 more | 2024-11-21 | 8.4 High |
| A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | ||||
| CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2024-11-21 | 5.5 Medium |
| A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | ||||
| CVE-2021-26338 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 7.5 High |
| Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. | ||||
| CVE-2021-26337 | 1 Amd | 224 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 221 more | 2024-11-21 | 5.5 Medium |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | ||||
| CVE-2021-26336 | 1 Amd | 190 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 187 more | 2024-11-21 | 5.5 Medium |
| Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | ||||
| CVE-2021-26335 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 7.8 High |
| Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. | ||||
| CVE-2021-26334 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-11-21 | 9.9 Critical |
| The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||||
| CVE-2021-26333 | 1 Amd | 2 Chipset Driver, Psp Driver | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. | ||||
| CVE-2021-26332 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.1 High |
| Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability. | ||||
| CVE-2021-26331 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 7.8 High |
| AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | ||||
| CVE-2021-26330 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 5.5 Medium |
| AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | ||||
| CVE-2021-26329 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 5.5 Medium |
| AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | ||||
| CVE-2021-26327 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 5.5 Medium |
| Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | ||||
| CVE-2021-26326 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 7.8 High |
| Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. | ||||
| CVE-2021-26325 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 5.5 Medium |
| Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | ||||
| CVE-2021-26324 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 7.8 High |
| A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. | ||||
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 7.8 High |
| Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | ||||
| CVE-2021-26322 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 7.5 High |
| Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | ||||
| CVE-2021-26321 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 5.5 Medium |
| Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | ||||
| CVE-2021-26320 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 5.5 Medium |
| Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | ||||